The Green Sheet

Wednesday, July 5, 2017

Cybercriminals launch fake Android, iOS updates

Android Marcher and other malware schemes that appear to be software updates are designed to steal financial information and online banking credentials, security experts warned. Some analysts believe Android devices are more vulnerable to these attacks than other device types, due to their open architecture.

"In a recent wave, we are seeing the malware payloads disguised as Adobe Flash player," wrote Zscaler ThreatLabZ in a June 22, 2017, blog post. "Upon opening the dropper URL, the user will be prompted by a message saying the device's Flash Player is out of date, and the malware 'Adobe_Flash_2016.apk' will be dropped on the user's device."

Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, said masquerading as a legitimate software update is a classic malware technique. He has seen similar attacks against iOS devices, including a Mac Trojan attack in February 2017 and the "Koobface" worm in 2010 that infected Facebook messages with a link that appeared to be an update of the Adobe Flash player.

"This kind of social engineering is very popular on PCs and on Android devices but would not work on Apple iPhones, because Steve Jobs made a decision in April 2010 to disallow Adobe Flash on Apple mobile platforms," he stated. "This is another one of the ways iPhones are safer from mobile malware than Android smartphones.

"In 2017, Android malware continues to grow, and while banking Trojans like Marcher are popular, most of the growth is coming from the mobile ransomware segment. It increased by over 250 percent during the first quarter of 2017, according to Kaspersky, from 61,832 to 218,625 detected files."

App store, vendor downloads

Security experts advise users to download apps or updates directly from app stores and vendor sites and to avoid third-party sites, particularly those with minimal activity and reviews. "Just as consumers have learned to not accept unsolicited phone calls and emails from banks, the same applies to software downloads," said Ryan Wilk, Vice President of Customer Success at NuData Security. "These phishing schemes are all about capturing data. At the core, these schemes look to steal users' authentication credentials and other sensitive information."

Wilk also recommended that companies implement multifactor security such as passive biometrics and behavioral analytics to validate that users are accessing and transacting on the account and to protect against phishing schemes and malware.

"Mobile users will forever fall victim to well-crafted social engineering techniques," added John Gunn, Chief Marketing Officer at Vasco Data Security. "What makes Marcher so dangerous is its ability to evade popular antivirus programs that users currently rely on for protection."

Detect, mitigate overlays

Frederik Mennes, Senior Manager Market & Security Strategy at Vasco, said both consumers and financial institutions are vulnerable to phishing attacks. "Last April, the BankBot family targeted over 420 banks, attempting for the first time to steal the logon credentials of many European and American banks via overlay windows," he stated. "This new variant of Marcher also targets many American organizations. In response to this growing threat, banks should protect their mobile banking apps using security solutions that detect and mitigate the overlay window."

"The only truly effective defense against this attack are newly developed solutions that identify and mitigate the fake overlay action of Marcher," Gunn added. "This is how you stop Marcher from stealing login credentials."


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
